I think this is the right spot to put it, but can someone help me here? I need some type of script to block PHP code when someone sends an image with BBCode: [*img]http://aurlhere.com/counter.php?blabla=4444444&java=0&security=33d803c2&invisible=0[/img*] Security issue. -_-
I wouldn't block PHP completely because a lot of services offer dynamic images that get populated using GD. Usually to verify images I run them through the appropriate functions, and if it doesn't error while drawing the image, it's legit. I'll show a little example code below so you can see what I'm talking about (don't use this example, it's just to get the gist of what I'm talking about):

```php
// This would be the uploaded or linked-to image
$someImage = "test.jpg";

// imagecreatefromjpeg() returns false when GD cannot decode the file as a JPEG
if (!@imagecreatefromjpeg($someImage)) {
    die("Ruh roh invalid image!");
}
```

Obviously this doesn't fit your case 100%, but you could have it verify the image being linked is legit, if not just disregard it. There are most likely better ways, though this one usually works out for me.
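The verification idea from the reply above, generalized from JPEG to any allowed format, as an added example that is not part of the original thread: it judges the bytes that were retrieved rather than the URL's extension, so a GD-generated image served from a `.php` URL passes and non-image output is disregarded. The function name `verify_image_bytes`, the size and dimension caps and the allowed types are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. Requires the GD extension.

const MAX_IMAGE_BYTES = 2 * 1024 * 1024;   // assumed cap on accepted data size
const MAX_PIXELS      = 25000000;          // assumed cap on width * height
const ALLOWED_MIME    = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Decide whether $bytes is a decodable raster image of an allowed type.
 * Returns the detected MIME type, or null if the data should be disregarded.
 */
function verify_image_bytes(string $bytes): ?string
{
    if ($bytes === '' || strlen($bytes) > MAX_IMAGE_BYTES) {
        return null;
    }
    // Header check: cheap, yields the format and the declared dimensions.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !in_array($info['mime'], ALLOWED_MIME, true)) {
        return null;
    }
    // Refuse oversized dimensions before asking GD to allocate the bitmap.
    if ($info[0] < 1 || $info[1] < 1 || $info[0] * $info[1] > MAX_PIXELS) {
        return null;
    }
    // Full decode: the same test as imagecreatefromjpeg() in the post,
    // but imagecreatefromstring() detects the format from the data itself.
    if (@imagecreatefromstring($bytes) === false) {
        return null;
    }
    return $info['mime'];
}

// Constructed samples: a 1x1 GIF, HTML text, and the GIF cut off after 20 bytes.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'tiny.gif'                 => $gif,
    'script output (HTML)'     => '<html><body>hit counted</body></html>',
    'GIF cut off at 20 bytes'  => substr($gif, 0, 20),
];
foreach ($samples as $name => $bytes) {
    echo str_pad($name, 28), verify_image_bytes($bytes) ?? 'rejected', PHP_EOL;
}
```

The check covers only the bytes examined at that moment; a remote URL can return different content on a later request.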
Where's the risk? The PHP script runs on the other server and can't do anything on the client's computer.